Christopher J. Alberts

Software Engineering Institute

Christopher Alberts is a Principal Engineer/Senior Cybersecurity Analyst in the CERT® Division at the Software Engineering Institute.

Alberts leads applied research projects in software assurance and cybersecurity. He is currently leading two projects: Security Engineering Risk Analysis (SERA) and Software Assurance Framework (SAF). The SERA Method defines a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems across the lifecycle and supply chain. The SAF is a compilation of software assurance practices that an organization can use to assess its current capability for acquiring and engineering secure software-reliant systems and chart a course for improvement.

Prior to his current projects, Alberts developed the OCTAVE® approach for evaluating information security risks and the Continuous Risk Management method for managing software development project risks. His research interests include risk analysis, measurement, and assessment.

Alberts has co-authored two books, Managing Information Security Risks: The OCTAVE Approach (Addison-Wesley 2002) and the Continuous Risk Management Guidebook (Software Engineering Institute 1996). He has also published more than 50 technical reports and articles.

Prior to the SEI, Alberts worked at Carnegie Mellon Research Institute and AT&T Bell Laboratories.

Alberts holds a BS and Master’s in Mechanical Engineering from Carnegie Mellon University.

In this podcast, Carol Woody and Christopher Alberts introduce the prototype Software Assurance Framework, a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.

This report provides members of the Commercial Mobile Service Provider (CMSP) community with practical guidance for better managing cybersecurity risk exposure, based on an SEI study of the CMSP element of the Wireless Emergency Alert pipeline.

In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.

This report presents four best practices for the Wireless Emergency Alerts (WEA) service, including implementing WEA in a local jurisdiction, training emergency staff in using WEA, cross-jurisdictional governance of WEA, and cybersecurity risk management.

In this report, the authors specify (1) a framework that documents best practice for risk management and (2) an approach for evaluating a program's risk management practice in relation to the framework.

This 2007 report provides an overview of the concepts and foundations of MOSAIC, a suite of advanced, risk-based analysis methods for assessing complex, distributed programs, processes, and information-technology systems.

The practices recommended in this 1999 report are designed to help you configure and deploy networked workstations that satisfy your organization's security requirements. The practices may also be useful in examining the configuration of previously deployed workstations.

This 1999 report is one of a series of SEI publications that are intended to provide practical guidance to help organizations improve the security of their networked computer systems. This report is intended for system and network administrators, managers of information systems, and security personnel responsible for networked information resources.